Add validator for services with no auth trait
Adds a validator that warns when there's a service shape that has multiple authDefinition traits applied, but no auth trait. This encourages the use of the auth trait so auth scheme priority is being modeled explicitly. It also allows for tooling to look for and use this validation event. Documentation was also updated to explain that without the auth trait, auth scheme ordering is alphabetical. A test for the auth trait (auth-trait-must-target-service-schemes) was updated to avoid getting the warning message from the new validator.
1 parent
15586bd
commit f450453
Showing
8 changed files
with
100 additions
and
1 deletion.
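--- a/...a/software/amazon/smithy/model/validation/validators/ServiceWithNoAuthTraitValidator.java
+++ b/...a/software/amazon/smithy/model/validation/validators/ServiceWithNoAuthTraitValidator.java
@@ -0,0 +1,54 @@
+/*
+* Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+* http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+package software.amazon.smithy.model.validation.validators;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+import software.amazon.smithy.model.Model;
+import software.amazon.smithy.model.knowledge.ServiceIndex;
+import software.amazon.smithy.model.shapes.ServiceShape;
+import software.amazon.smithy.model.traits.AuthTrait;
+import software.amazon.smithy.model.validation.AbstractValidator;
+import software.amazon.smithy.model.validation.ValidationEvent;
+
+/**
+* Validates that services with multiple @authDefinition traits applied also
+* have an @auth trait applied.
+*/
+public class ServiceWithNoAuthTraitValidator extends AbstractValidator {
+
+@Override
+public List<ValidationEvent> validate(Model model) {
+List<ValidationEvent> events = new ArrayList<>();
+ServiceIndex index = ServiceIndex.of(model);
+
+List<ServiceShape> services = model.getServiceShapes().stream()
+.filter(serviceShape -> !serviceShape.hasTrait(AuthTrait.ID))
+.filter(serviceShape -> index.getAuthSchemes(serviceShape).size() > 1)
+.collect(Collectors.toList());
+
+for (ServiceShape service : services) {
+events.add(warning(service, "This service uses multiple authentication schemes but is not annotated "
++ "with the @auth trait. The @auth trait defines a priority ordering of "
++ "auth schemes for a client to use. Without it, the ordering of auth "
++ "schemes is alphabetical based on the absolute shape id of the auth "
++ "schemes."));
+
+}
+return events;
+}
+}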
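Review bot: The warning built in the `for` loop of `validate` says ordering falls back to alphabetical, but it does not name the schemes it found or which one ends up first, and that fallback can put a weaker scheme ahead of a stronger one (in the `multiple-auth-schemes.smithy` fixture, `httpBasicAuth` would sort before `httpBearerAuth` and `httpDigestAuth`). Consider appending the resolved order to the message, e.g. `+ " Effective order: " + index.getAuthSchemes(service).keySet()`, assuming `getAuthSchemes` returns the schemes in that alphabetical order; the `.errors` fixture would need the same text. As a style point, the intermediate `services` list and the stray blank line before the loop's closing brace can go by mapping the filtered stream straight to `warning(...)` events.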
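--- a/...mithy/model/errorfiles/validators/service-with-no-auth-trait/multiple-auth-schemes.errors
+++ b/...mithy/model/errorfiles/validators/service-with-no-auth-trait/multiple-auth-schemes.errors
@@ -0,0 +1 @@
+[WARNING] smithy.example#FooService: This service uses multiple authentication schemes but is not annotated with the @auth trait. The @auth trait defines a priority ordering of auth schemes for a client to use. Without it, the ordering of auth schemes is alphabetical based on the absolute shape id of the auth schemes. | ServiceWithNoAuthTrait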
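--- a/...mithy/model/errorfiles/validators/service-with-no-auth-trait/multiple-auth-schemes.smithy
+++ b/...mithy/model/errorfiles/validators/service-with-no-auth-trait/multiple-auth-schemes.smithy
@@ -0,0 +1,18 @@
+$version: "2"
+
+namespace smithy.example
+
+// Service shape with multiple auth schemes and no auth trait should cause warning
+@httpBasicAuth
+@httpDigestAuth
+@httpBearerAuth
+service FooService {
+version: "2023-08-15"
+operations: [GetFoo]
+}
+
+operation GetFoo {
+output: GetFooOutput
+}
+
+structure GetFooOutput {}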
Empty file.
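--- a/...azon/smithy/model/errorfiles/validators/service-with-no-auth-trait/one-auth-scheme.smithy
+++ b/...azon/smithy/model/errorfiles/validators/service-with-no-auth-trait/one-auth-scheme.smithy
@@ -0,0 +1,16 @@
+$version: "2"
+
+namespace smithy.example
+
+// Service shape with one auth schemes and no auth trait should NOT cause warning
+@httpBasicAuth
+service FooService {
+version: "2023-08-15"
+operations: [GetFoo]
+}
+
+operation GetFoo {
+output: GetFooOutput
+}
+
+structure GetFooOutput {}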